

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>CVE-2022-0670: Native-CephFS Manila Path-restriction bypass &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script data-url_root="../../" id="documentation_options" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/doctools.js"></script>
        <script src="../../_static/sphinx_highlight.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="CVE-2021-3531: Swift API denial of service" href="../CVE-2021-3531/" />
    <link rel="prev" title="Past vulnerabilities" href="../cves/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    <div role="navigation" aria-label="Page navigation">
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../" class="icon icon-home"> Ceph
          

          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../start/">Intro to Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../install/">Installing Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rados/">Ceph Storage Cluster</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephfs/">Ceph File System</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rbd/">Ceph Block Device</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../radosgw/">Ceph Object Gateway</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/">Ceph Manager Daemon</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/dashboard/">Ceph Dashboard</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../monitoring/">Monitoring overview</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api/">API Documentation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../architecture/">Architecture</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/developer_guide/">Developer Guide</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/internals/">Ceph Internals</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../governance/">Governance</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../foundation/">Ceph Foundation</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/general/">Ceph Releases (general)</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/">Ceph Releases (index)</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../">Security</a><ul class="current">
<li class="toctree-l2 current"><a class="reference internal" href="../cves/">Past Vulnerabilities / CVEs</a><ul class="current">
<li class="toctree-l3 current"><a class="current reference internal" href="#"> CVE-2022-0670</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#summary">Summary</a></li>
<li class="toctree-l4"><a class="reference internal" href="#affected-versions">Affected versions</a></li>
<li class="toctree-l4"><a class="reference internal" href="#fixed-versions">Fixed versions</a></li>
<li class="toctree-l4"><a class="reference internal" href="#recommendations">Recommendations</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="../CVE-2021-3531/"> CVE-2021-3531</a></li>
<li class="toctree-l3"><a class="reference internal" href="../CVE-2021-3524/"> CVE-2021-3524</a></li>
<li class="toctree-l3"><a class="reference internal" href="../CVE-2021-3509/"> CVE-2021-3509</a></li>
<li class="toctree-l3"><a class="reference internal" href="../CVE-2021-20288/"> CVE-2021-20288</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../process/">Vulnerability Management Process</a></li>
<li class="toctree-l2"><a class="reference internal" href="../#reporting-a-vulnerability">Reporting a vulnerability</a></li>
<li class="toctree-l2"><a class="reference internal" href="../#supported-versions">Supported versions</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../hardware-monitoring/">Hardware monitoring</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../glossary/">Ceph Glossary</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../translation_cn/">Chinese translation resources</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>

  
  <section id="cve-2022-0670-native-cephfs-manila-path-restriction-bypass">
<span id="cve-2022-0670"></span><h1>CVE-2022-0670: Native-CephFS Manila Path-restriction bypass<a class="headerlink" href="#cve-2022-0670-native-cephfs-manila-path-restriction-bypass" title="Permalink to this heading"></a></h1>
<section id="summary">
<h2>Summary<a class="headerlink" href="#summary" title="Permalink to this heading"></a></h2>
<p>Users who were running OpenStack Manila to export native CephFS and who
upgraded their Ceph cluster from Nautilus (or earlier) to a later
major version were vulnerable to an attack by malicious users. The
vulnerability allowed users to obtain access to arbitrary portions of
the CephFS filesystem hierarchy instead of being properly restricted
to their own subvolumes. The vulnerability is due to a bug in the
“volumes” plugin in Ceph Manager. This plugin is responsible for
managing Ceph File System subvolumes, which are used by OpenStack
Manila services as a way to provide shares to Manila users.</p>
<p>Again, this vulnerability impacts only OpenStack Manila clusters that
provided native CephFS access to their users.</p>
</section>
<section id="affected-versions">
<h2>Affected versions<a class="headerlink" href="#affected-versions" title="Permalink to this heading"></a></h2>
<p>Any version of Ceph running OpenStack Manila that was upgraded from Nautilus
or earlier.</p>
</section>
<section id="fixed-versions">
<h2>Fixed versions<a class="headerlink" href="#fixed-versions" title="Permalink to this heading"></a></h2>
<ul class="simple">
<li><p>Quincy v17.2.2 (and later)</p></li>
<li><p>Pacific v16.2.10 (and later)</p></li>
<li><p>Octopus v15.2.17</p></li>
</ul>
</section>
<section id="recommendations">
<h2>Recommendations<a class="headerlink" href="#recommendations" title="Permalink to this heading"></a></h2>
<ol class="arabic simple">
<li><p>Users should upgrade to a patched version of Ceph at their earliest
convenience.</p></li>
<li><p>Administrators who are
concerned they may have been impacted should audit the CephX keys in
their cluster for proper path restrictions.</p></li>
</ol>
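<p>One way to carry out the audit in recommendation 2, as an added example that is not part of the Ceph documentation or code: it reads the JSON printed by <code>ceph auth ls --format json</code> and flags client keys whose MDS caps are not confined to a single subvolume. The function names, the sample entities and the assumed share layout (<code>/volumes/GROUP/SUBVOLUME</code>) are assumptions of this example.</p>

```python
import json

# Constructed sample shaped like `ceph auth ls --format json` output.
# Entity names are made up and the keys are placeholders.
SAMPLE_AUTH_DUMP = json.dumps({"auth_dump": [
    {"entity": "client.manila-share-a", "key": "PLACEHOLDER",
     "caps": {"mds": "allow rw path=/volumes/_nogroup/share-a/uuid-a",
              "mon": "allow r", "osd": "allow rw pool=cephfs_data"}},
    {"entity": "client.manila-share-b", "key": "PLACEHOLDER",
     "caps": {"mds": "allow rw", "mon": "allow r"}},
    {"entity": "client.manila-share-c", "key": "PLACEHOLDER",
     "caps": {"mds": "allow r, allow rw path=/volumes/_nogroup"}},
    {"entity": "osd.0", "key": "PLACEHOLDER", "caps": {"mon": "allow profile osd"}},
]})


def grant_path(grant):
    """Return the path= value of one MDS grant, or None if the grant has no path."""
    # Assumption: paths contain no spaces, so whitespace splitting is enough.
    for token in grant.split():
        if token.startswith("path="):
            return token[len("path="):].strip("'\"") or "/"
    return None


def audit_mds_paths(auth_json, share_root="/volumes"):
    """List (entity, grant, reason) for client MDS grants wider than one subvolume."""
    root = [p for p in share_root.split("/") if p]
    findings = []
    for ent in json.loads(auth_json).get("auth_dump", []):
        name = ent.get("entity", "")
        mds = ent.get("caps", {}).get("mds")
        if not name.startswith("client.") or not mds:
            continue  # only client keys carrying MDS caps can mount CephFS paths
        for grant in (g.strip() for g in mds.split(",")):
            path = grant_path(grant)
            if path is None:
                findings.append((name, grant, "no path restriction"))
                continue
            parts = [p for p in path.split("/") if p]
            if parts[:len(root)] != root:
                findings.append((name, grant, "path outside share root"))
            elif not parts[len(root) + 1:]:
                # Fewer than two components (GROUP/SUBVOLUME) below the share root.
                findings.append((name, grant, "path broader than one subvolume"))
    return findings


if __name__ == "__main__":
    for entity, grant, reason in audit_mds_paths(SAMPLE_AUTH_DUMP):
        print(entity, "|", grant, "|", reason)
```

<p>Administrative and service keys such as <code>client.admin</code> are unrestricted by design and will also be reported, so compare the findings against the list of keys that are expected to have full access.</p>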
</section>
</section>





           </div>
           
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).</p>
  </div>

   

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>